hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
43,354 Commits 1,742 Branches 166 Tags
af25cf8be28f50b7f95e92467cebbc8bfbad217a
Commit Graph

43354 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Henry Mercer
af25cf8be2 Merge pull request #10409 from github/codeql-ci/js/ml-powered-pack-release-0.3.3 
JS: Bump version numbers of ML-powered packs after 0.3.3 release
 2022-09-13 16:23:37 +01:00
Tamás Vajk
84bd8f179b Merge pull request #10403 from tamasvajk/kotlin-rework-cast 
Kotlin: Code quality improvements: refactor a cast
 2022-09-13 17:09:13 +02:00
Rasmus Wriedt Larsen
2e95e25afb Merge pull request #10406 from RasmusWL/ruby-instanceof 
Ruby: Rewrite a few `::Range` uses to `instanceof`
 2022-09-13 16:57:13 +02:00
AlexDenisov
aacc368228 Merge pull request #10399 from github/redsun82/swift-macos-arm 
Swift: print a helpful message on macOS ARM
 2022-09-13 16:24:38 +02:00
Henry Mercer
bc2de7ed4b Merge branch 'main' into codeql-ci/js/ml-powered-pack-release-0.3.3 2022-09-13 15:15:56 +01:00
github-actions[bot]
b40def71b9 JS: Bump version of ML-powered library and query packs to 0.3.4 2022-09-13 14:11:16 +00:00
github-actions[bot]
e08e22ac32 JS: Bump patch version of ML-powered library and query packs 2022-09-13 14:06:57 +00:00
Tamas Vajk
2c757c714d Kotlin: Code quality improvements: refactor a cast 2022-09-13 15:44:54 +02:00
Rasmus Wriedt Larsen
511030df48 Ruby: Rewrite a few ::Range uses to instanceof 2022-09-13 15:44:29 +02:00
Erik Krogh Kristensen
46751e515c Merge pull request #10388 from erik-krogh/exportNew 
JS: recognize returning an instance of a class as exporting that class
 2022-09-13 13:45:16 +02:00
Erik Krogh Kristensen
2739b9cfd8 Merge pull request #10390 from erik-krogh/unmentionedGuard 
QL: add unmentioned guard class query
 2022-09-13 11:04:13 +02:00
Paolo Tranquilli
9227203336 Swift: print a helpful message on macOS ARM 
Also remove the tentative way compilation was expected to be fixed on
macOS ARM without really working.

In the future we will create universal binaries (which requires
compiling our prebuilt package for ARM as well), but until then we must
require the developer to pass `--cpu=darwin_x86_64` to the build
command when building on an ARM macOS platform like the M1. This will be
printed out explicitly now if it's not the case.
 2022-09-13 11:00:47 +02:00
Erik Krogh Kristensen
86417cec34 Merge pull request #10381 from erik-krogh/protoList 
JS: recognize a list of bad strings as a sanitizer for `js/prototype-polluting-assignment`
 2022-09-13 11:00:29 +02:00
Mathias Vorreiter Pedersen
7f6b400b78 Merge pull request #10366 from MathiasVP/use-use-flow-in-experimental 
C++: Use-use flow in `experimental`
 2022-09-13 09:30:48 +01:00
Erik Krogh Kristensen
dd5da79e46 recognize setters and getters of a class as exported 
Co-authored-by: Asger F <asgerf@github.com>
 2022-09-13 10:04:02 +02:00
erik-krogh
dd5db2e6d7 add to isSanitizerGuard 2022-09-13 07:27:51 +02:00
erik-krogh
3eb7675292 rename to DenyListInclusionGuard 2022-09-13 07:27:31 +02:00
erik-krogh
a567c132c1 fix all ql/unmentioned-guard 2022-09-12 22:42:46 +02:00
erik-krogh
9446cad32e add ql/unmentioned-guard class 2022-09-12 22:39:20 +02:00
Arthur Baars
e07e6c9053 Merge pull request #10382 from RasmusWL/ruby-typo-fix 
Ruby: Fix typo in QLDoc
 2022-09-12 19:04:37 +02:00
Erik Krogh Kristensen
bb3753a682 Merge pull request #10317 from erik-krogh/py-unqueryable 
PY: deprecate a bunch of unused code
 2022-09-12 17:44:59 +02:00
erik-krogh
ceda5f69fc recognize returning an instanceof of a class as exporting that class 2022-09-12 17:31:51 +02:00
Mathias Vorreiter Pedersen
6e4b3c242f Merge pull request #10377 from geoffw0/deprecate-pointsto 
C++: Put a warning on the PointsTo library.
 2022-09-12 16:25:40 +01:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Mathias Vorreiter Pedersen
d2b150eaf5 C++: Fix QLDoc on the model predicates used by the new experimental use-use code. 2022-09-12 16:00:49 +01:00
Mathias Vorreiter Pedersen
bb1c088fe0 C++: Undo changes to iterator models. 2022-09-12 15:58:49 +01:00
Cornelius Riemenschneider
a8a7909d33 Merge pull request #10364 from github/criemen/remove-legacy-tracing-specs 
Go: Remove the legacy tracer configuration files.
 2022-09-12 15:55:12 +02:00
Tamás Vajk
4569b9585f Merge pull request #10313 from tamasvajk/kotlin-fix-vararg 
Kotlin: Fix `vararg` extraction outside of method call
 2022-09-12 15:54:50 +02:00
Tamás Vajk
ed772e54d1 Merge pull request #10328 from tamasvajk/kotlin-kfunction-fix 
Kotlin: fix `KFunctionX.invoke` extraction
 2022-09-12 15:54:33 +02:00
erik-krogh
05ef76cbca add change-note 2022-09-12 15:41:28 +02:00
Geoffrey White
842af4bf74 C++: Specifically suggest DataFlow as an alternative. 2022-09-12 14:25:45 +01:00
AlexDenisov
be21b26d46 Merge pull request #10045 from github/alexdenisov/swift-cwe-757 
Swift: CWE-757: insecure TLS configuration
 2022-09-12 15:25:15 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Rasmus Wriedt Larsen
03cc4a2f7a Ruby: Fix typo in QLDoc 2022-09-12 14:35:20 +02:00
AlexDenisov
568eb3a118 Update swift/ql/src/queries/Security/CWE-757/InsecureTLS.qhelp 
Co-authored-by: hubwriter <hubwriter@github.com>
 2022-09-12 14:00:29 +02:00
erik-krogh
98243118b2 recognize a list of bad strings as a sanitizer for js/prototype-polluting-assignment 2022-09-12 13:41:07 +02:00
Erik Krogh Kristensen
3384521fb6 Merge pull request #10357 from erik-krogh/typos 
make a shared library of the typo database
 2022-09-12 11:24:03 +02:00
Erik Krogh Kristensen
cb95e8f263 Merge pull request #10351 from erik-krogh/moreMains 
JS: find a main module in more cases
 2022-09-12 11:01:17 +02:00
Arthur Baars
7ca2e4c51f Merge pull request #9953 from aibaars/update-grammar 
Update tree-sitter-ruby
 2022-09-12 10:51:37 +02:00
Mathias Vorreiter Pedersen
c988547e9c C++: Accept test changes. 2022-09-11 18:31:53 +01:00
Geoffrey White
8ac3e10896 C++: Put a warning on the PointsTo library. 2022-09-09 18:03:23 +01:00
Mathias Vorreiter Pedersen
6dcfe0348b C++: Copy over the required changes to non-experimental libraries. 2022-09-09 17:26:58 +01:00
Mathias Vorreiter Pedersen
5509562fe6 C++: Repair a few broken models that were incorrectly a pointer 
as tainted (instead of the pointee), or vice versa. Because of
existing dataflow pointer/pointee conflation we never noticed that,
but since this PR removes those imprecisions we now need to update
these models.
 2022-09-09 17:04:36 +01:00
Ed Minnix
817f12cae6 Updated expectations file with new message 
The warning message for the `android:allowBackup` query was updated.
This updates the message in the expectations file.
 2022-09-09 11:35:48 -04:00
Ian Lynagh
c7e3051edd Merge pull request #10239 from tamasvajk/kotlin-fix-declaration-stack 
Kotlin: Fix declaration stack
 2022-09-09 16:03:31 +01:00
Tamás Vajk
05fcbdd9e3 Merge pull request #10365 from tamasvajk/kotlin-fix-isUnspecialised-2 
Kotlin: Fix `isUnspecialised` to handle generic classes inside generic methods
 2022-09-09 16:27:19 +02:00
Edward Minnix III
08a17b355e allowBackup documentation updates 
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-09 09:30:49 -04:00
Mathias Vorreiter Pedersen
6d313ace2d C++: Copy the new use-use flow code to experimental. 2022-09-09 14:20:10 +01:00
Rasmus Wriedt Larsen
89a331f186 Merge pull request #10359 from tausbn/python-clean-up-import-resolution 
Python: Clean up module resolution
 2022-09-09 15:09:43 +02:00
Tamas Vajk
b8b0fd8a74 Kotlin: Fix isUnspecialised to handle generic classes inside generic methods 2022-09-09 14:32:38 +02:00